package com.zc.config;

import at.pollux.thymeleaf.shiro.dialect.ShiroDialect;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;
import java.util.Map;


@Configuration
public class ShiroConfig {

    //ShiroFilterFactoryBean ：第三步
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(@Qualifier("securityManager")
                                                                    DefaultWebSecurityManager
                                                                    securityManager) {
        System.out.println("ShiroConfiguration.shirFilter()");
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        //必须设置 SecurityManager 如果不设置就无法完成认证和授权
        bean.setSecurityManager(securityManager);
        //添加Shiro的内置过滤器
        /*
         * anno:无需认证就可以访问
         * authc:必须认证才能访问
         * user:必须拥有 记住我 功能才能用
         * perms:拥有对某个资源的权限才能访问
         * role:拥有某个角色权限 才能访问
         * */
        Map<String, String> filterMap = new LinkedHashMap<>();
        // 配置退出 过滤器,其中的具体的退出代码Shiro已经替我们实现了
        // logout shiro定义好的过滤器名字 /logout访问路径
        // 浏览器访问的地址栏路径中以/logout结尾的路径 走logout过滤器
        // logout会清除session 退出登录
        filterMap.put("/auth/logout", "logout");
        //所有的img js css文件走 anon过滤器 此过滤器代表放过拦截 不需要权限也能访问
        filterMap.put("/css/**", "anon");
        filterMap.put("/image/**", "anon");
        filterMap.put("/js/**", "anon");
        //放过登录页面拦截
        filterMap.put("/auth/login", "anon");
        // **代表所有路径 除以上路径外的管理员页面都拦截
        //filterMap.put("/**", "authc");
        //DTO 设置未认证的请求
        //bean.setLoginUrl("auth/login1");
        bean.setFilterChainDefinitionMap(filterMap);
        //登录成功跳转的页面
        bean.setSuccessUrl("login/main");
        //DTO 设置未授权的请求
        //bean.setUnauthorizedUrl("/admin/toNoauth");

        return bean;
    }

    //DefaultWebSecurityManager ：第二步
    @Bean(name = "securityManager")
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("sysAccountRealm") SysAccountRealm sysAccountRealm) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //关联UserRealm
        securityManager.setRealm(sysAccountRealm);
        return securityManager;
    }

    //创建realm对象，需要自定义对象 ：第一步
    @Bean(name = "sysAccountRealm")
    public SysAccountRealm sysAccountRealm() {

        SysAccountRealm sysAccountRealm = new SysAccountRealm();
        //修改凭证匹配器
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        //设置加密算法为MD5
        hashedCredentialsMatcher.setHashAlgorithmName("MD5");
        //设置散列次数
        //hashedCredentialsMatcher.setHashIterations(1024);
        sysAccountRealm.setCredentialsMatcher(hashedCredentialsMatcher);
        return sysAccountRealm;
    }

    //整合ShiroDialect,用于整合shiro thymeleaf
    @Bean
    public ShiroDialect getShiroDialect() {
        return new ShiroDialect();
    }
}
